vscode-dev-containers/script-library/sshd-debian.sh

#!/usr/bin/env bash
#-------------------------------------------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information.
#-------------------------------------------------------------------------------------------------------------
#
# Docs: https://github.com/microsoft/vscode-dev-containers/blob/master/script-library/docs/sshd.md
#
# Syntax: ./sshd-debian.sh [SSH Port (don't use 22)] [non-root user] [start sshd now flag] [new password for user]
#
# Note: You can change your user's password with "sudo passwd $(whoami)" (or just "passwd" if running as root).

SSHD_PORT=${1:-"2222"}
USERNAME=${2:-"automatic"}
START_SSHD=${3:-"false"}
NEW_PASSWORD=${4:-"skip"}

set -e

if [ "$(id -u)" -ne 0 ]; then
    echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.'
    exit 1
fi

# Determine the appropriate non-root user
if [ "${USERNAME}" = "auto" ] || [ "${USERNAME}" = "automatic" ]; then
    USERNAME=""
    POSSIBLE_USERS=("vscode" "node" "codespace" "$(awk -v val=1000 -F ":" '$3==val{print $1}' /etc/passwd)")
    for CURRENT_USER in ${POSSIBLE_USERS[@]}; do
        if id -u ${CURRENT_USER} > /dev/null 2>&1; then
            USERNAME=${CURRENT_USER}
            break
        fi
    done
    if [ "${USERNAME}" = "" ]; then
        USERNAME=root
    fi
elif [ "${USERNAME}" = "none" ] || ! id -u ${USERNAME} > /dev/null 2>&1; then
    USERNAME=root
fi

# Function to run apt-get if needed
apt-get-update-if-needed()
{
    if [ ! -d "/var/lib/apt/lists" ] || [ "$(ls /var/lib/apt/lists/ | wc -l)" = "0" ]; then
        echo "Running apt-get update..."
        apt-get update
    else
        echo "Skipping apt-get update."
    fi
}

# Ensure apt is in non-interactive to avoid prompts
export DEBIAN_FRONTEND=noninteractive

# Install openssh-server openssh-client
if ! dpkg -s openssh-server openssh-client > /dev/null 2>&1; then
    apt-get-update-if-needed
    apt-get -y install --no-install-recommends openssh-server openssh-client 
fi

# Generate password if new password set to the word "random"
if [ "${NEW_PASSWORD}" = "random" ]; then
    NEW_PASSWORD="$(openssl rand -hex 16)"
    EMIT_PASSWORD="true"
fi

# If new password not set to skip, set it for the specified user
if [ "${NEW_PASSWORD}" != "skip" ]; then
    echo "${USERNAME}:${NEW_PASSWORD}" | chpasswd
    if [ "${NEW_PASSWORD}" != "root" ]; then
        usermod -aG ssh ${USERNAME}
    fi
fi

# Setup sshd
mkdir -p /var/run/sshd
sed -i 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' /etc/pam.d/sshd
sed -i 's/#*PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
sed -i -E "s/#*\s*Port\s+.+/Port ${SSHD_PORT}/g" /etc/ssh/sshd_config

# Write out a script that can be referenced as an ENTRYPOINT to auto-start sshd
tee /usr/local/share/ssh-init.sh > /dev/null \
<< EOF 
#!/usr/bin/env bash
set -e 

if [ "\$(id -u)" -ne 0 ]; then
    sudo /etc/init.d/ssh start
else
    /etc/init.d/ssh start
fi

set +e
exec "\$@"
EOF
chmod +x /usr/local/share/ssh-init.sh
chown ${USERNAME}:ssh /usr/local/share/ssh-init.sh

# If we should start sshd now, do so
if [ "${START_SSHD}" = "true" ]; then
    /usr/local/share/ssh-init.sh
fi

# Write out result
echo -e "Done!\n\n- Port: ${SSHD_PORT}\n- User: ${USERNAME}"
if [ "${EMIT_PASSWORD}" = "true" ]; then
    echo "- Password: ${NEW_PASSWORD}"
fi
echo -e "\nForward port ${SSHD_PORT} to your local machine and run:\n\n  ssh -p ${SSHD_PORT} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null ${USERNAME}@localhost\n"
Add basic sshd boostrapping script (#553) * sshd common script * Comments 2020-09-13 02:04:46 +03:00			`#!/usr/bin/env bash`
			`#-------------------------------------------------------------------------------------------------------------`
			`# Copyright (c) Microsoft Corporation. All rights reserved.`
			`# Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information.`
			`#-------------------------------------------------------------------------------------------------------------`
Update docs, point scripts to docs (CI Ignore) 2020-09-21 20:16:31 +03:00			`#`
			`# Docs: https://github.com/microsoft/vscode-dev-containers/blob/master/script-library/docs/sshd.md`
			`#`
Add basic sshd boostrapping script (#553) * sshd common script * Comments 2020-09-13 02:04:46 +03:00			`# Syntax: ./sshd-debian.sh [SSH Port (don't use 22)] [non-root user] [start sshd now flag] [new password for user]`
Update docs, point scripts to docs (CI Ignore) 2020-09-21 20:16:31 +03:00			`#`
Add basic sshd boostrapping script (#553) * sshd common script * Comments 2020-09-13 02:04:46 +03:00			`# Note: You can change your user's password with "sudo passwd $(whoami)" (or just "passwd" if running as root).`

			`SSHD_PORT=${1:-"2222"}`
Automatic user detection in library scripts (#568) 2020-09-20 06:39:07 +03:00			`USERNAME=${2:-"automatic"}`
Add basic sshd boostrapping script (#553) * sshd common script * Comments 2020-09-13 02:04:46 +03:00			`START_SSHD=${3:-"false"}`
			`NEW_PASSWORD=${4:-"skip"}`

			`set -e`

			`if [ "$(id -u)" -ne 0 ]; then`
Add SSH, Oh My Bash! to codespaces-linux (#566) 2020-09-18 20:40:56 +03:00			`echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.'`
Add basic sshd boostrapping script (#553) * sshd common script * Comments 2020-09-13 02:04:46 +03:00			`exit 1`
			`fi`

Automatic user detection in library scripts (#568) 2020-09-20 06:39:07 +03:00			`# Determine the appropriate non-root user`
			`if [ "${USERNAME}" = "auto" ] \|\| [ "${USERNAME}" = "automatic" ]; then`
			`USERNAME=""`
Fix user detection (#579) 2020-09-26 21:48:21 +03:00			`POSSIBLE_USERS=("vscode" "node" "codespace" "$(awk -v val=1000 -F ":" '$3==val{print $1}' /etc/passwd)")`
Automatic user detection in library scripts (#568) 2020-09-20 06:39:07 +03:00			`for CURRENT_USER in ${POSSIBLE_USERS[@]}; do`
			`if id -u ${CURRENT_USER} > /dev/null 2>&1; then`
			`USERNAME=${CURRENT_USER}`
			`break`
			`fi`
			`done`
			`if [ "${USERNAME}" = "" ]; then`
			`USERNAME=root`
			`fi`
			`elif [ "${USERNAME}" = "none" ] \|\| ! id -u ${USERNAME} > /dev/null 2>&1; then`
Add basic sshd boostrapping script (#553) * sshd common script * Comments 2020-09-13 02:04:46 +03:00			`USERNAME=root`
			`fi`

			`# Function to run apt-get if needed`
			`apt-get-update-if-needed()`
			`{`
			`if [ ! -d "/var/lib/apt/lists" ] \|\| [ "$(ls /var/lib/apt/lists/ \| wc -l)" = "0" ]; then`
			`echo "Running apt-get update..."`
			`apt-get update`
			`else`
			`echo "Skipping apt-get update."`
			`fi`
			`}`

			`# Ensure apt is in non-interactive to avoid prompts`
			`export DEBIAN_FRONTEND=noninteractive`

			`# Install openssh-server openssh-client`
			`if ! dpkg -s openssh-server openssh-client > /dev/null 2>&1; then`
			`apt-get-update-if-needed`
			`apt-get -y install --no-install-recommends openssh-server openssh-client`
			`fi`

			`# Generate password if new password set to the word "random"`
			`if [ "${NEW_PASSWORD}" = "random" ]; then`
			`NEW_PASSWORD="$(openssl rand -hex 16)"`
			`EMIT_PASSWORD="true"`
			`fi`

			`# If new password not set to skip, set it for the specified user`
			`if [ "${NEW_PASSWORD}" != "skip" ]; then`
			`echo "${USERNAME}:${NEW_PASSWORD}" \| chpasswd`
			`if [ "${NEW_PASSWORD}" != "root" ]; then`
			`usermod -aG ssh ${USERNAME}`
			`fi`
			`fi`

			`# Setup sshd`
			`mkdir -p /var/run/sshd`
			`sed -i 's@session\srequired\spam_loginuid.so@session optional pam_loginuid.so@g' /etc/pam.d/sshd`
			`sed -i 's/#*PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config`
			`sed -i -E "s/#\sPort\s+.+/Port ${SSHD_PORT}/g" /etc/ssh/sshd_config`

			`# Write out a script that can be referenced as an ENTRYPOINT to auto-start sshd`
			`tee /usr/local/share/ssh-init.sh > /dev/null \`
			`<< EOF`
			`#!/usr/bin/env bash`
			`set -e`

			`if [ "\$(id -u)" -ne 0 ]; then`
chore: changing "restart" to "start" of sshd server (#613) * chore: changing "restart" to "start" of sshd server pid file of the sshd server gets saved in the container. When it is restarted on a different VM, the pid is different and that process gets killed. This results in random process kills and failure of about 10% of the resumes. Fix is to change "restart" to "start" so that no process gets killed as container doesn't have any processes at that time. * Making the same change in the script folder as well. 2020-10-16 01:42:39 +03:00			`sudo /etc/init.d/ssh start`
Add basic sshd boostrapping script (#553) * sshd common script * Comments 2020-09-13 02:04:46 +03:00			`else`
chore: changing "restart" to "start" of sshd server (#613) * chore: changing "restart" to "start" of sshd server pid file of the sshd server gets saved in the container. When it is restarted on a different VM, the pid is different and that process gets killed. This results in random process kills and failure of about 10% of the resumes. Fix is to change "restart" to "start" so that no process gets killed as container doesn't have any processes at that time. * Making the same change in the script folder as well. 2020-10-16 01:42:39 +03:00			`/etc/init.d/ssh start`
Add basic sshd boostrapping script (#553) * sshd common script * Comments 2020-09-13 02:04:46 +03:00			`fi`

			`set +e`
			`exec "\$@"`
			`EOF`
			`chmod +x /usr/local/share/ssh-init.sh`
			`chown ${USERNAME}:ssh /usr/local/share/ssh-init.sh`

			`# If we should start sshd now, do so`
			`if [ "${START_SSHD}" = "true" ]; then`
			`/usr/local/share/ssh-init.sh`
			`fi`

			`# Write out result`
			`echo -e "Done!\n\n- Port: ${SSHD_PORT}\n- User: ${USERNAME}"`
			`if [ "${EMIT_PASSWORD}" = "true" ]; then`
			`echo "- Password: ${NEW_PASSWORD}"`
			`fi`
			`echo -e "\nForward port ${SSHD_PORT} to your local machine and run:\n\n ssh -p ${SSHD_PORT} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null ${USERNAME}@localhost\n"`